* enforce session timeout policy
* better angular validation
* lint fix
* missing switch break
* fallback when timeout not supported with highest available timeout
* failing unit tests
* incorrect policy message
* vault timeout type adjustments
* fallback to "on browser refresh" for browser, when policy is set to "on system locked", but not available (Safari)
* docs, naming improvements
* fallback for current user session timeout to "on refresh", when policy is set to "on system locked", but not available.
* don't display policy message when the policy does not affect available timeout options
* 8 hours default when changing from non-numeric timeout to Custom.
* failing unit test
* missing locales, changing functions access to private, docs
* removal of redundant magic number
* missing await
* await once for available timeout options
* adjusted messaging
* unit test coverage
* vault timeout numeric module exports
* unit test coverage
* Implement automatic kdf upgrades
* Fix kdf config not being updated
* Update legacy kdf state on master password unlock sync
* Fix cli build
* Fix
* Deduplicate prompts
* Fix dismiss time
* Fix default kdf setting
* Fix build
* Undo changes
* Fix test
* Fix prettier
* Fix test
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Only sync when there is at least one migration
* Relative imports
* Add tech debt comment
* Resolve inconsistent prefix
* Clean up
* Update docs
* Use default PBKDF2 iteratinos instead of custom threshold
* Undo type check
* Fix build
* Add comment
* Cleanup
* Cleanup
* Address component feedback
* Use isnullorwhitespace
* Fix tests
* Allow migration only on vault
* Fix tests
* Run prettier
* Fix tests
* Prevent await race condition
* Fix min and default values in kdf migration
* Run sync only when a migration was run
* Update libs/common/src/key-management/encrypted-migrator/default-encrypted-migrator.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Fix link not being blue
* Fix later button on browser
---------
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* add handler for new policy sync push notification
* fix story book build failure
* move logic into policy service, fix tests
* add account service
* add missing service to clie
* feat(user-decryption-options) [PM-26413]: Update UserDecryptionOptionsService and tests to use UserId-only APIs.
* feat(user-decryption-options) [PM-26413]: Update InternalUserDecryptionOptionsService call sites to use UserId-only API.
* feat(user-decryption-options) [PM-26413] Update userDecryptionOptions$ call sites to use the UserId-only API.
* feat(user-decryption-options) [PM-26413]: Update additional call sites.
* feat(user-decryption-options) [PM-26413]: Update dependencies and an additional call site.
* feat(user-verification-service) [PM-26413]: Replace where allowed by unrestricted imports invocation of UserVerificationService.hasMasterPassword (deprecated) with UserDecryptionOptions.hasMasterPasswordById$. Additional work to complete as tech debt tracked in PM-27009.
* feat(user-decryption-options) [PM-26413]: Update for non-null strict adherence.
* feat(user-decryption-options) [PM-26413]: Update type safety and defensive returns.
* chore(user-decryption-options) [PM-26413]: Comment cleanup.
* feat(user-decryption-options) [PM-26413]: Update tests.
* feat(user-decryption-options) [PM-26413]: Standardize null-checking on active account id for new API consumption.
* feat(vault-timeout-settings-service) [PM-26413]: Add test cases to illustrate null active account from AccountService.
* fix(fido2-user-verification-service-spec) [PM-26413]: Update test harness to use FakeAccountService.
* fix(downstream-components) [PM-26413]: Prefer use of the getUserId operator in all authenticated contexts for user id provided to UserDecryptionOptionsService.
---------
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
* use PureCrypto in master password service decryptUserKeyWithMasterKey
* test for legacy AES256-CBC
* update SDK version to include the `PureCrypto.decrypt_user_key_with_master_key`
* change from integration to unit tests, use fake state provider
* feat(policies): Add URI Match Default Policy enum
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* feat(policies): Add logic to read and set the default from policy data
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* In settings, set default, disable select and display hint
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Move applyUriMatchPolicy to writeValue function
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove code to disable individual options because we're disabling the entire select
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* WiP move resolved defaultUriMatch to Domain Settings Service
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Address local test failures related to null observables
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* add missing services
* Fix test to use new resolvedDefaultUriMatchStrategy$
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Move definition of defaultMatchDetection$ out of constructor
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Update cipher form story to use resolvedDefaultUriMatchStrategy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Fix incomplete storybook mock in cipher form stories
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add I18n key description
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add comment regarding potential memory leak in domain settings service
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add explicit check for null policy data
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add explicit check for undefined policy data
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add shareReplay to address potential memory leak
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove outdated comment
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Improve type safety/validation and null checks in DefaultDomainSettingsService
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
---------
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
Co-authored-by: Jonathan Prusik <jprusik@classynemesis.com>
* Add importer metadata to native code
* Impl napi code in ts
* Impl napi code in ts
* Fix clippy
* Fix clippy
* remove ts util tests
* Check for installed browsers
* PR fixes
* test fix
* fix clippy
* fix tests
* Bug fix
* clippy fix
* Correct tests
* fix clippy
* fix clippy
* Correct tests
* Correct tests
* [PM-25521] Wire up loading metadata on desktop (#16813)
* Initial commit
* Fix issues regarding now unused feature flag
* Fixed ts-strict issues
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: adudek-bw <adudek@bitwarden.com>
* Remove logic to skip Brave as that now happens via the native code
* Define default capabilities which can be overwritten by specifc client/platform
* Fix DI issues
* Do not overwrite existing importers, just add new ones or update existing ones
* feat: [PM-25521] return metadata directly (not as JSON) (#16882)
* feat: return metadata directly (not as JSON)
* Fix broken builds
Move getMetaData into chromium_importer
Remove chromium_importer_metadata and any related service
Parse object from native instead of json
* Run cargo fmt
* Fix cargo dependency sort order
* Use exposed type from NAPI instead of redefining it.
* Run cargo fmt
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Only enable chromium loader for installed and supported browsers
---------
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* fix: always try to register clearOn events
`registerEvents` already checks for existing registered events so there is no
need to have a pre-check in `doStorageSave`. It causes issues because the
`newState` and `oldState` parameters come from the custom deserializer which
might never return `null` (e.g. transforming `null` to some default value).
Better to just use the list of registered events as a source of truth.
A performance check shows that most calls would only save a couple of
milliseconds (ranges from 0.8 ms to 18 ms) and the total amount of time
saved from application startup, to unlock, to showing the vault is about 100 ms.
I haven't been able to perceive the change.
* Revert "feat: add folder.clear warning (#16376)"
This reverts commit a2e36c4489.
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed and updated tests.
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed test variable being made more vague.
• prefer undefined over null
• obtain required UserId once per method, before branching
• guards moved to beginning of methods
* lift UserId retrieval to occur once during import
* remove redundant userId retrieval
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiServiceAbstraction.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService implementation.
* feat(two-factor-api-service) [PM-26465]: Add test suite for TwoFactorApiService.
* feat(two-factor-api-service) [PM-26465]: Replace ApiService dependencies with TwoFactorApiService for all refactored methods.
* feat(two-factor-api-service) [PM-26465]: Finish removal of Two-Factor API methods from ApiService.
* fix(two-factor-api-service) [PM-26465]: Correct endpoint spelling.
* feat(two-factor-api-service) [PM-26465]: Update dependency support for CLI.
* fix(two-factor-api-service) [PM-26465]: Update tests/deps for corrected spelling.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService to Browser services module.
* fix(two-factor-api-service) [PM-26465]: Re-spell dependencies to take *Abstraction throughout, move to JslibServices module for cleaner importing across clients.
* feat(two-factor-api-service) [PM-26465]: Move new services to a feature area, rename abstract and concrete/default.
* feat(two-factor-api-service) [PM-26465]: Move the feature area to common/auth, not auth/common.
* feat(two-factor-api-service) [PM-26465]: Remove now-unneeded include from auth/tsconfig.
* refactor `canInteract` into a component level usage.
- The default service is going to be used in the CLI which won't make use of the UI-related aspects
* all nested entities to be imported from the vault
* initial add of archive command to the cli
* add archive to oss serve
* check for deleted cipher when attempting to archive
* add searchability/list functionality for archived ciphers
* restore an archived cipher
* unarchive a cipher when a user is editing it and has lost their premium status
* add missing feature flags
* re-export only needed services from the vault
* add needed await
* add prompt when applicable for editing an archived cipher
* move cipher archive service into `common/vault`
* fix testing code
* encode username for uri and add spec
* verify response from getHibpBreach method
* test/validate for BreachAccountResponse type and length instead of mock response
* - extract dirt api method out of global api service
- create new directory structure
- change imports accordingly
- extract breach account response
- put extracted code into new dirt dir
* codeowners and dep injection for new hibp service
* Require userId for KdfConfigService
* cleanup KdfConfigService unit tests
* Move required userId for export request up to component/command level
* Fix service creation/dependency injection
* Revert changes to kdf-config.service.spec cause by a bad rebase
* Fix linting issue
* Fix tests caused by bad rebase
* Validate provided userId to equal the current active user
* Create tests for vault-export.service
Deleted old tests which since have been replaced with individual-vault-export.service.spec.ts
---------
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Introduce a new vault-export-api.service to replace the existing getOrganizationExport method in apiService
* Use new vault-export-api.service instead of the ApiService to retrieve organizational export data
* Remove unused method from apiService
* Register VaultExportApiService on browser
* Fxi linting issue by executing `npm run prettier`
* Rename abstraction and implementation of VaultExportApiService
* Use undefined instead of null
* Rename file of default impl of vault-export-api-service
* Fix test broken with 1bcdd80eea
* Define type for exportPromises
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Add importer dummy lib, add cargo deps for win/mac
* Add Chromium importer source from bitwarden/password-access
* Mod crypto is no more
* Expose some Chromium importer functions via NAPI, replace home with home_dir crate
* Add Chromium importer to the main <-> renderer IPC, export all functions from Rust
* Add password and notes fields to the imported logins
* Fix windows to use homedir instead of home
* Return success/failure results
* Import from account logins and join
* Linux v10 support
* Use mod util on Windows
* Use mod util on macOS
* Refactor to move shared code into chromium.rs
* Fix windows
* Fix Linux as well
* Linux v11 support for Chrome/Gnome, everything is async now
* Support multiple browsers on Linux v11
* Move oo7 to Linux
* Fix Windows
* Fix macOS
* Add support for Brave browser in Linux configuration
* Add support for Opera browser in Linux configuration
* Fix Edge and add Arc on macOS
* Add Opera on macOS
* Add support for Vivaldi browser in macOS configuration
* Add support for Chromium browser in macOS configuration
* Fix Edge on Windows
* Add Opera on Windows
* Add Vivaldi on windows
* Add Chromium to supported browsers on Windows
* stub out UI options for chromium direct import
* call IPC funcs from import-desktop
* add notes to chrome csv importer
* remove (csv) from import tool names and format item names as hostnames
* Add ABE/v20 encryption support
* ABE/v20 architecture description
* Add a build step to produce admin.exe and service.exe
* Add Windows v20/ABE configuration functionality to specify the full path to the admin.exe and service.exe. Use ipc.platform.chromiumImporter.configureWindowsCryptoService to configure the Chromium importer on Windows.
* rename ARCHITECTURE.md to README.md
* aligns with guidance from architecture re: in-repository documentation.
* also fixes a failing lint.
* cargo fmt
* cargo clippy fix
* Declare feature flag for using chromium importer
* Linter fix after executing npm run prettier
* Use feature flag to guard the use of the chromium importer
* Added temporary logging to further debug, why the Angular change detection isn't working as expected
* introduce importer metadata; host metadata from service; includes tests
* fix cli build
* Register autotype module in lib.rs
introduce by a bad merge
* Fix web build
* Fix issue with loaders being undefined and the feature flag turned off
* Add missing Chromium support when selecting chromecsv
* debugging
* remove chromium support from chromecsv metadata
* fix default loader selection
* [PM-24753] cargo lib file (#16090)
* Add new modules
* Fix chromium importer
* Fix compile bugs for toolchain
* remove importer folder
* remove IPC code
* undo setting change
* clippy fixes
* cargo fmt
* clippy fixes
* clippy fixes
* clippy fixes
* clippy fixes
* lint fix
* fix release build
* Add files in CODEOWNERS
* Create tools owned preload.ts
* Move chromium-importer.service under tools-ownership
* Fix typeError
When accessing the Chromium direct import options the file button is hidden, so trying to access it's values will fail
* Fix tools owned preload
* Remove dead code and redundant truncation
* Remove configureWindowsCryptoService function/methods
* Clean up cargo files
* Fix unused async
* Update apps/desktop/desktop_native/bitwarden_chromium_importer/Cargo.toml
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Fix napi deps
* fix lints
* format
* fix linux lint
* fix windows lints
* format
* fix missing `?`
* fix a different missing `?`
---------
Co-authored-by: Dmitry Yakimenko <detunized@gmail.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: ✨ Audrey ✨ <ajensen@bitwarden.com>
Co-authored-by: ✨ Audrey ✨ <audrey@audreyality.com>
Co-authored-by: adudek-bw <adudek@bitwarden.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [PM-24243] Load config service feature flag into SDK client during initialization
* [PM-24243] Bump sdk version
* [PM-24243] Update load_flags to use generic Map instead of strongly typed object
* [PM-24243] Pass entire feature states object into SDK
* [PM-24243] Bump SDK version
* [PM-24243] Fix failing test
* [PM-19479] Client-Managed SDK state definition
* Remove test code
* Update based on latest sdk
* Add DB config
* Remove uuid conversion step
* Move mapper into separate file
* Revert to client managed state
* Move mapper to Cipher
* Typo
---------
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
* Move pin service to km ownership
* Run format
* Eslint
* Fix tsconfig
* Fix imports and test
* Clean up imports
* Remove unused dependency on PinService
* Fix comments
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Introduce ActiveUserAccessor
* Use ActiveUserAccessor over AccountService
* Updates tests and testing utils to support ActiveUserAccessor
* Update all injection points
* Fix types test
* Use ternary instead
When a user logs in via SSO after their org has offboarded from TDE, we now show them a helpful error message stating that they must either login on a Trusted device, or ask their admin to assign them a password.
Feature flag: `PM16117_SetInitialPasswordRefactor`
* feat: Create methods for calling GET auth-request/pending endpoint.
* feat: update banner service on web, and desktop vault
* test: updated banner test to use auth request services
* fix: DI fixes
* feat: add RequestDeviceId to AuthRequestResponse
* fix: add Browser Approvals feature flags to desktop vault and web vault banner service
* test: fix tests for feature flag
* Created new service to get restricted types for the CLI
* Created service for cli to get restricted types
* Utilized restriction service in commands
* Renamed function
* Refactored service and made it simpler to check when a cipher type is restricted or not
* Moved service to common so it can be utilized on the cli
* Refactored service to use restricted type service
* Removed userId passing from commands
* Exclude restrict types from export
* Added missing dependency
* Added missing dependency
* Added missing dependency
* Added service utils commit from desktop PR
* refactored to use reusable function
* updated reference
* updated reference
* Fixed merge conflicts
* Refactired services to use isCipherRestricted
* Refactored restricted item types service
* Updated services to use the reafctored item types service
